[Trond M�hlum] > As far as I can see, the teacher group already has this authority. When > a member of teacher logs into webmin, the have access to the ldap user > module. There they can change the password for a student, but *only* if > they first type in the old user password (which the student has > lost...). This makes this function rather pointless.
No, this authority is not granted to the teacher group. Every user have the authority to change his password, and this is the authority the teacher is invoking by specifying the username and password of the student. The teacher is not acting as a teacher, she is acting _as the student_. And this authority is granted by the LDAP server (slapd) - any connection capable of supplying a valid username and password is allowed to change the password of the given user. The issue I describe require allowing some users access to changing _other_ users password, and this need a different set of premissions. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
